ImageMagick

All CVEs

777 total · sorted by risk
  • CVE-2017-5506 · High · Mar 24, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2014-9835 · High · Mar 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.

  • CVE-2014-9834 · High · Mar 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.

  • CVE-2014-9833 · High · Mar 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.

  • CVE-2014-9832 · High · Mar 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.

  • CVE-2016-8707 · High · Dec 23, 2016
    risk 0.51 · cvss 7.8 · epss 0.04

    An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability…

  • CVE-2007-4988 · High · Sep 24, 2007
    risk 0.51 · cvss 7.8 · epss 0.03

    Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

  • CVE-2026-53461 · High · Jun 10, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions…

  • CVE-2026-53460 · High · Jun 10, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition. This issue has been patched in…

  • CVE-2026-49218 · High · Jun 10, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions, which could cause crashes in other operations. This…

  • CVE-2026-46520 · High · Jun 10, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions…

  • CVE-2017-15033 · High · Oct 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

  • CVE-2017-14739 · High · Sep 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application…

  • CVE-2017-14137 · High · Sep 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.

  • CVE-2017-13143 · High · Aug 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.

  • CVE-2017-12435 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.

  • CVE-2017-12430 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.

  • CVE-2017-12429 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.

  • CVE-2017-12428 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.

  • CVE-2017-12418 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.

  • CVE-2016-7539 · High · Jul 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

  • CVE-2017-11188 · High · Jul 12, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.

  • CVE-2017-9098 · High · May 19, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that…

  • CVE-2017-7619 · High · Apr 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.

  • CVE-2014-9804 · High · Mar 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."

  • CVE-2017-5507 · High · Mar 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.06

    Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.

  • CVE-2014-9839 · High · Mar 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).

  • CVE-2014-9851 · High · Mar 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

  • CVE-2014-9850 · High · Mar 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

  • CVE-2014-9849 · High · Mar 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

  • CVE-2014-9848 · High · Mar 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2014-9842 · High · Mar 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

  • CVE-2014-9854 · High · Mar 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

  • CVE-2016-10252 · High · Mar 14, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.

  • CVE-2017-6497 · High · Mar 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).

  • CVE-2016-6823 · High · Jan 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.

  • CVE-2016-5842 · High · Dec 13, 2016
    risk 0.49 · cvss 7.5 · epss 0.06

    MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

  • CVE-2012-1610 · High · Jun 5, 2012
    risk 0.49 · cvss 7.5 · epss 0.05

    Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists…

  • CVE-2017-15277 · Medium · Oct 12, 2017
    risk 0.44 · cvss 6.5 · epss 0.19

    ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting…

  • CVE-2016-10059 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.

  • CVE-2016-10057 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10056 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10055 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10054 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10052 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10051 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10050 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

  • CVE-2016-10049 · High · Mar 23, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

  • CVE-2016-10065 · High · Mar 3, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10064 · High · Mar 2, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

Page 3 of 16